QOSMOS IXENGINE CAN HELP DETECT ABNORMAL NETWORK TRAFFIC SUCH AS:
- File shares
- Port scan
- Windows Management Instrumentation (WMI)
- Active directory & admin shares
- ARP spoofing
As a result, network-based lateral movements are rapidly detected allowing rapid containment of attacks and remediation. The protocol information and metadata can also be used to improve the results of user behavior analysis and machine learning, and to enable mitigation at each stage of the kill chain, improving the effectiveness of security solutions.